Authors: Lucian Florin Ilca, T. Balan
Published in: 2020 19th RoEduNet Conference: Networking in Education and Research (RoEduNet)
Publication date: 2020-12-11
DOI: https://doi.org/10.1109/RoEduNet51892.2020.9324845
Vulnerability Remediation in ICS Infrastructure Based on Source Code Analysis
Industrial Control Systems (ICS) and their sub-processes, hardware and software, make possible the management and operation of industrial critical infrastructure and services such as energy, water, defense and transportation. Nowadays, the biggest vendors on the market have started developing new systems for the ICS marketplace with more power, control and stability, but these complex systems are susceptible to different threats such as insider attacks, third-party threats, technical or physical failures, and external attacks. Therefore, it is critical to protect ICS assets. Paying attention to the ISA/IEC 62443 standard, this paper proposes methods for source code analysis using open source tools that can be used in the development or testing phase by ICS professionals in order to detect new vulnerabilities and bugs (e.g. weak encryption, code disclosure, clear text passwords), using a vulnerability remediation management tool in order to have a complete view of new and existing security breaches. The purpose of this research paper is to provide valuable information to ICS developers to increase the security level in the production area with very little effort for Internet-exposed Programmable Logic Controllers (PLC).